authorRaghavendra G <rgowdapp@redhat.com>2019-03-21 16:37:30 +0530
committerRaghavendra G <rgowdapp@redhat.com>2019-03-27 10:48:12 +0530
commit0d8668cb44550163eb8d4111006a105a6826bdbb (patch)
tree6b60f80af63e5795a872f6e5c8c6a033f738153f
parent7cbf23bbc61879e7af70bbb2b42951a73966f3c6 (diff)
performance/write-behind: fix use after free in readdirp_cbk
wb_inode->lock is accessed after inode_unref (inode), which is a use-after-free because inode_unref can potentially free the inode and hence the inode-ctx (wb_inode). Instead, inode_unref has to happen after the last access of wb_inode.

Change-Id: Ie1a8bb5e44a668578e7d6bcedc77df52618a36e2
Signed-off-by: Raghavendra G <rgowdapp@redhat.com>
Fixes: bz#1691292
-rw-r--r--xlators/performance/write-behind/src/write-behind.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/xlators/performance/write-behind/src/write-behind.c b/xlators/performance/write-behind/src/write-behind.c
index c80f0e7e271..6093ec2d7a1 100644
--- a/xlators/performance/write-behind/src/write-behind.c
+++ b/xlators/performance/write-behind/src/write-behind.c
@@ -2494,11 +2494,14 @@ wb_readdirp_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
entry->inode = NULL;
memset (&entry->d_stat, 0,
sizeof (entry->d_stat));
-
- inode_unref (inode);
}
}
UNLOCK (&wb_inode->lock);
+
+ if (inode) {
+ inode_unref (inode);
+ inode = NULL;
+ }
}
unwind:
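Review bot: The deferred `if (inode)` check after `UNLOCK (&wb_inode->lock)` is only correct if `inode` is NULL on entry to every loop iteration, and its declaration is outside this hunk, so that initialisation should be confirmed (presumably `inode_t *inode = NULL;`). The added `inode = NULL;` covers later iterations, but the ordering constraint itself is undocumented. I would put a comment above the new block, such as `/* unref only after the last access to wb_inode: inode_unref() may free the inode and with it the inode ctx (wb_inode) */`, so that a later cleanup does not move the unref back under the lock. The enclosing loop and wb_readdirp_cbk start before the hunk and continue past `unwind:`.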